INTERNAL AUDIT CHARTER - Great Kei Local Municipality

INTERNAL AUDIT CHARTER
GREAT KEI
LOCAL MUNICIPALITY
2014/2015
TABLE OF CONTENTS
NO
CONTENT
PAGE
1
INTRODUCTION
1
2
3
4
PURPOSE
OBJECTIVES OF INTERNAL AUDIT
AUTHORITY
1
1
1
5
THE POSITION OF INTERNAL AUDIT WITHIN MUNICIPALITY
1
6
INTERNAL AUDIT INDEPENDENCE AND AUTHORITY
2
7
LEGISLATION GOVERNING INTERNAL AUDIT
SCOPE OF INTERNAL AUDIT
2
8
9
10
8.1 GOVERNANCE
8.2 RISK MANAGEMENT
8.3 CONTROL
3-4
RESOURCE REQUIREMENTS
ROLE OF INTERNAL AUDIT
4
10.1
10.2
10.3
10.4
ASSURANCE SERVICES
CONSULTING SERVICES
INTERNAL AUDIT RESPONSIBILITY IN FRAUD & CORRUPTION
RESPONSIBILITIES OF MANAGEMENT
5-6
RELATIONSHIPS
11
11.1
11.2
11.3
11.4
RELATIONSHIP WITH MANAGEMENT
RELATIONSHIP WITH THE AUDIT COMMITTEE
RELATIONSHIP WITH EXTERNAL AUDIT
RELATIONSHIP WITH OTHER ASSURANCE PROVIDERS
7-8
INTERNAL AUDIT PLAN
12
12.1 PLANNING, CONTROLLING & RECORDING
12.1.1 PLANNING
12.1.2 CONTROLLING
12.1.3 RECORDING
8-9
13
REPORTING AND FOLLOW-UP
9-10
14
STAFF AND TRAINING
10-10
15
APPOINTMENT & REMOVAL OF THE CHIEF AUDIT EXECUTIVE
11-11
16
ASSESSMENT OF EFFECTIVENESS OF INTERNAL AUDIT FUNCTION
11-11
17
MAINTENANCE OF CHARTER
11-11
18
CONCLUSION
11-11
19
APPROVAL
12-12
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER
The internal auditing function is charged with the responsibility for ascertaining that the ongoing processes for controlling
operations throughout the organization are adequately designed and are functioning in an effective manner. Internal
auditing is also responsible for reporting to management and the audit committee of the board of directors on the
adequacy and effectiveness of the organization’s systems of internal control, together with ideas, counsel, and
recommendations to improve the systems
This charter outlines the mandate of Internal Audit and serves as the statement of purpose, authority and responsibility of
Great Kei Municipality regarding the key functions it needs to consider as part of its operations.
The status, authority, roles and responsibilities are in accordance with Institute of Internal Auditors, Section 165 of the
Municipal Finance Management Act (MFMA), no 56 of 2003 read together with MFMA Circular 65 of 2012 as issued by
National Treasury. Furthermore, the Internal Audit Unit should also have regard to the recommendations contained in the
King Report on Corporate Governance for South Africa 2009 (King III).
PURPOSE
The purpose of this charter is to set out the nature, role, responsibility, status and authority of Internal Auditing within the
Great Kei Municipality, and to outline the scope of the internal audit work
OBJECTIVE OF INTERNAL AUDIT
The objective of internal audit activity is to provide an independent, objective assurance and consulting activity designed
to add value and improve the organisations operations. It helps an organisation accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management, controls and governance
processes.
AUTHORITY
The internal audit activity has an authority , with strict accountability for safeguarding records and information, is
authorized full, free, and unrestricted access to any and all of Great Kei Municipality records, physical properties, and
personnel pertinent to carrying out any engagement.
This privilege carries with it the responsibility to maintain appropriate confidentiality with regard to relevant details
All employees are requested to assist the internal audit activity in fulfilling its roles and responsibilities.
The Chief Audit Executive shall also have free and unrestricted access to the Chairperson of the Audit Committee.
THE POSITION OF THE INTERNAL AUDIT WITHIN MUNICIPALITY
The Chief Audit Executive will report functionally to the Audit Committee and administratively (i.e. day to day operations)
to the Accounting Officer. The Audit Committee will:
 Approve the internal audit charter.
 Approve the risk based internal audit plan.
 Approve the internal audit budget and resource plan.
 Receive communications from the Chief Audit Executive on the internal audit activity’s performance relative to its plan
and other matters
 Concurrence in decisions regarding the appointment and removal of the Chief Audit Executive.
 Make appropriate inquiries of management and the Chief Audit Executive to determine whether there is inappropriate
scope or resource limitations.
1
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER
The Internal Audit activity will also have unrestricted access to all levels of management, Audit Committee, MPAC,
Municipal Council, and other appropriate governing authorities.
Internal audit will not be responsible for any of the activities, which they audit. In addition, internal audit will not assume any line management or operational functions.
Members of the internal audit function will not assume the responsibility for the development, operation or control of
any systems and procedures.
The Chief Audit Executive shall also form part of the Executive Management Team, but shall remain independent and
objective of line functions.
The Internal Audit Unit should determine its priorities in terms of the municipality’s strategic and operational risk profile, in consultation with management. Accordingly the Internal Audit Unit has direct access to, and freedom to report
to all senior management including the audit committee and Council.
The Chief Audit Executive will communicate and interact directly with the Audit Committee, including in executive sessions and between Audit Committee meetings as appropriate
INTERNAL AUDIT INDEPENDENCE AND OBJECTIVITY
The Internal Audit activity needs to be professional in their approach and have appropriate experience and/or
qualifications to enable it to add value to the Council's operations.
Independence is essential to internal auditing and as a result the Internal Audit activity should be positioned as an
independent operating unit to enable it to have a separate identity with its own budget, staff structures and designations.
The Internal Audit activity should administratively function as a separate directorate.
The Internal Audit activity needs to be independent from the activities it is auditing and should assert no direct
responsibility or authority over the activities reviewed.
The Chief Audit Executive may issue reports in his own name, without third party editing, to all appropriate officials,
standing committees of the Municipality, as well as the Auditor General.
Reports issued to parties other than those mentioned above should be under the hand of the Municipal Manager or
Chairperson of the Audit Committee.
The Internal Audit activity should be objective and exercise due professional care in its approach, keeping the best
Interests of the Council in mind at all times.
Without adversely affecting its objectivity, the Internal Audit activity may make recommendations or set out its
expectations regarding weaknesses identified.
The Internal Audit activity should act as an advisory body and avoid trying to develop, install and maintain systems and
controls or engage in other activities that could be construed as compromising its independence and integrity
Internal Audit shall be free from interference in determining the scope of internal auditing, performing work and
communicating results
If independence or objectivity of is impaired in fact or appearance, the details of the impairments shall be disclosed to
appropriate parties. The nature of disclosure of will depend upon the impairment
If internal auditors have potential impairment to independence or objectivity relating to proposed consulting services,
disclosure should be made to the engagement client prior to accepting the engagement
LEGISLATION GORVERNING INTERNAL AUDIT
The Internal Audit Function is governed in terms of section 165 of the Municipal Finance Management Act No. 56 of
2003 (as amended) (MFMA) read together with MFMA Circular no. 65 of 2012 issued by National Treasury and by
the Municipal Systems Act, No. 32 of 2000 (MSA) which provides for the establishment of the Internal Audit Unit so as
to regulate the function and to provide for matters incidental thereto. The internal audit activity also serves the
municipality in a manner that is consistent with:
 The Municipal Finance Management Act No 56 of 2003, specifically internal control, internal audit and audit
committees
2
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER







The King III Report on Corporate Governance for South Africa;
The Council Delegations as amended from time to time;
The IIA Standards and Statements for the Professional Practice of Internal Auditing;
The Code of Ethics and Statement of Responsibilities as stipulated by the Institute of Internal Auditors;
The Fraud Examiners Guidelines and Principles for Investigative Auditing; and
The ISACA Standards for Computer Information System Auditors
Any other applicable legislation
SCOPE AND ROLE OF INTERNAL AUDIT ACTIVITY
The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and
effectiveness of the organization's governance, risk management, and internal controls as well as the quality of
performance in carrying out assigned responsibilities to achieve the municipal’s stated goals and objectives. This includes:
 Evaluating risk exposure relating to achievement of the organization’s strategic objectives.
 Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report
such information.
 Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations
which could have a significant impact on the organization.
 Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
 Evaluating the effectiveness and efficiency with which resources are employ
 Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals
and whether the operations or programs are being carried out as planned.
 Monitoring and evaluating governance processes.
 Monitoring and evaluating the effectiveness of the organization's risk management processes.
 Performing consulting and advisory services related to governance, risk management and control as appropriate for
the organization.
 Reporting periodically on the internal audit activity’s purpose, authority, responsibility, and performance relative to its
plan.
 Reporting significant risk exposures and control issues, including fraud risks, governance issues, and other matters
needed or requested by the Audit Committee.
 Evaluating specific operations at the request of the Audit Committee or management, as appropriate.
LIMITATION OF SCOPE
Any attempted scope limitation by management must be reported, preferably in writing, to the Municipal Manager
and to the audit committee. The question of whether an action from management in fact constitutes a scope limitation
is at the judgment of the CAE.
Except in cases of suspected fraud, the Municipal Manager and the Audit Committee may decide to accept a
limitation of scope. In such instances, the CAE should evaluate from time to time whether the circumstances surrounding
the scope limitation are still valid and whether the scope limitation needs to be reported again to the Municipal
Manager and the audit committee for their renewed consideration
GOVERNANCE
Internal audit activity must assess and make recommendations for improving governance process in its accomplishment of the
following objectives:
Promoting appropriate ethics and values within the municipality;
Ensuring effective organizational performance management and accountability;
Communicating risk and control information to appropriate areas of municipality; and Coordinating the activities of and communicating information among the audit committee, external, internal auditors and management.
3
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER
RISK MANAGEMENT
Internal audit is responsible for providing assurance to management and the audit committee on the adequacy and
effectiveness of the risk management process.
Risk management is a key responsibility of the accounting officer and management.
Management should ensure that adequate risk management processes are in place and functioning as intended. Internal audit
must assist management and the audit committee by examining, evaluating, reporting and recommending improvements on
the adequacy and effectiveness of management’s risk processes.
Conducting assessments and reporting on the organisation’s risk management process should be a high audit priority.
CONTROL
Based on the results of the risk assessment internal audit must evaluate the adequacy and effectiveness of controls encompassing the municipality’s governance, operations, and information systems.
The following aspects should be considered when assessing controls for adequacy:
 The control environment and management attitude towards controls;
 Standard control practices; and
 Compliance with other generally used control frameworks.
If the controls are adequate, the internal auditor should evaluate the controls for effectiveness. To ensure that the conclusions
reached are correct and supported by acceptable evidence the auditors are required to analyse and evaluate the findings
of the audit in order to determine whether the controls are effective or not. The auditor may reach one of the following conclusions when evaluating the controls for effectiveness:
EFFECTIVE
The existing controls are effective, i.e. they provide reasonable assurance that the activity will achieve its performance
objectives.
INEFFECTIVE
The existing controls are ineffective, i.e. they do not provide reasonable assurance that activity will achieve its performance
objectives.
RESOURCE REQUIREMENTS
The budget of internal audit is the responsibility of the accounting officer, audit committee and chief audit executive to ensure
that the internal audit activity is adequately resourced for effective functioning. The chief audit executive should have control
and responsibility over the internal audit budget. The budget should at least cover the following items:
 Personnel related expenditure;
 Capital expenditure and software;
 Training and development;
 Institute of Internal Auditors membership fees; and
 Quality assurance programs.
4
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER
ROLE OF INTERNAL AUDIT
10.1 ASSURANCE SERVICES
Assurance services include financial, compliance, information technology, and operational audit engagements and special
investigations
The role of Internal Audit in the Municipality is to assist the Municipal Manager and the Council to meet their objectives and
to discharge their responsibilities by providing an independent appraisal of the adequacy and effectiveness of the controls
set up by management to help run the municipality. The controls subject to evaluation should encompass the following:
 The information systems environment;
 The reliability and integrity of financial and operational information;
 The effectiveness of operations;
 Safeguarding of assets; and
 Compliance with laws, regulations, council directives and controls
10.2 CONSULTING SERVICES
These services are advisory in nature and the scope is agreed with the client. These services are performed at the request
of management and provide advisory-related services and are intended to add value and improve the organization’s
governance risk management and control processes without the internal auditors assuming management responsibilities. The
consulting services will include advice, facilitation, and training and analyses activities if necessary.
TYPES OF CONSULTING ENGAGEMENTS
Internal audit should obtain an understanding of the nature of the engagement to clearly articulate the terms of reference.
Agreed upon procedures should be documented in the engagement letter and agreed upon with the client.
The types of consulting work include the following:
Formal consulting engagements – those that are planned and subject to written agreement;
Informal consulting engagements – routine activities such as participation on standing committees, limited-life audit projects,
ad-hoc meetings and routine information exchange;
Special consulting engagements – participation on dedicated teams such as system conversion team; and emergency
consulting engagements – participation on a team established for recovery or maintenance of operations after a disaster
or other extraordinary event, or a team assembled to supply temporary help to meet a special request or unusual
deadline.
Objectives, scope and limitations of the consulting assignment should be confirmed in writing in an engagement letter. The
responsibilities of both management and internal audit should be defined and documented in the engagement letter that
should be signed by both parties.
All working papers prepared during the execution of the consulting engagement should be kept as evidence of conducting
the procedures.
Internal audit should communicate issues and preliminary results of the consulting engagement with line management during
the conduct of the assignment.
Report to management may either be oral by conducting a meeting session with line management or written updates can
be provided to management. As agreed upon in the engagement letter, internal audit should report results of the consulting
activity.
5
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER
ACCEPTANCE OF CONSULTING ACTIVITIES
The following guidelines are provided for assisting the internal audit activity in accepting consulting activities:
 Some consulting activities are specifically identified in the approved internal audit annual plan;
 Other consulting activities are initiated by managers communicating directly;
 The chief audit executive should request the audit committee’s approval for consulting activities that significantly affect the
approved internal audit’s annual operational plan;
 The chief audit executive should consider the impact of independence and objectivity on the internal audit activity before
acceptance of the consulting activities;
 The chief audit executive should consider whether the internal auditors have the requisite skills, knowledge, time and
competencies to perform the proposed consulting activities and
 The chief audit executive should consider the risks associated with the proposed consulting activities.
INTERNAL AUDIT RESPONSIBILITY IN FRAUD AND CORRUPTION
The Internal Audit Unit, as contemplated by section 165 of the MFMA, Act 56 of 2003 and also section 6 sub-section 2 (c),
sections 40, 45 and 55 of Municipal Systems Act, Act No. 32 of 2000 shall : exercise due professional care in performing its activities;
 consider all possibilities of material irregularities or non-compliance when conducting its activities;
 When expecting wrongdoing, report to the Chief Audit Executive who shall in turn report to the Audit Committee
immediately and to the Accounting Officer. Municipality should conduct investigations in terms of the procedures outlined in
the Fraud Prevention Policy;
 be aware of the kind of fraud that could be perpetrated in the organisation, in addition to understanding control systems;
 be responsible for examination and evaluating the adequacy and effectiveness of actions taken by management to fulfill
the obligation of deterrence of fraud;
 have sufficient knowledge of fraud risk to be able to identify indicators that fraud might have been committed.
RESPONSIBILITIES OF MANAGEMENT
The Audit Committee is responsible for approval of the scope of internal audit work, and for recommending the action to be
taken on the outcome of or findings from their work.
Management, in conjunction with the Municipal Manager, is responsible for:
 Ensuring that a risk assessment is conducted regularly to identify emerging risks of the Council.
 A risk management strategy must then be drawn up and used by management to direct internal audit effort and priority;
 Proposing the areas of investigation by Internal Audit;
Management is responsible for ensuring the Internal Audit function has:
 The support of executive management;
 Direct access and freedom to report to the Municipal Manager and the Audit Committee;
 Free access to the books of account, records, cash, stores, property and other sources of relevant information;
 Maintaining internal control, including proper accounting records and other management information suitable for running
the Municipality;
 Reviewing internal audit reports and the timely implementation of recommendations as considered appropriate, in the
light of Council’s resources.
6
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER
RELATIONSHIPS
The Internal Audit Unit should seek to foster constructive working relationships and mutual understanding with management,
the Audit Committee and the External auditors. This relationship should not compromise or be seen to be compromising the
internal auditor’s independence and objectivity.
11.1 RELATIONSHIP WITH MANAGEMENT
The Chief Audit Executive should prepare the risk based internal audit plan and arrange the timing of internal assignments
in consultation with the senior management, except on those rare occasions where an unannounced visit is a necessary part
of the audit approach. Consultation can lead to the identification of areas of concern or of other interest to management.
Matters which may arise in the course of the audit are confidential and discussion is restricted to management directly
responsible for the area being audited unless they give express agreement to broaden the discussion.
Discussion with management is necessary when preparing the audit report. This should be an essential feature of the good
relationship between the auditor and management.
11.2 RELATIONSHIP WITH THE AUDIT COMMITTEE
The Internal Audit Unit should report and liaise with the Audit Committee on a regular basis on matters affecting and
pertinent to the Internal Audit Unit. Direction and guidance should be sought from the Audit Committee on a regular basis.
Internal and external audit recommendations and action plans not implemented by management should be tabled at the
Audit Committee meetings for direction and resolution.
The Audit Committee should annually assess the effectiveness of the internal audit function. Against criteria including:
 Achievement of the annual internal audit plan;
 Compliance with the IIA professional standards of quality;
 Achievement of reporting protocols through management to the Audit Committee;
 Timeliness of reporting of findings and activities;
 Management’s acceptance of audit findings;
 Quality and relevance of the annual assessment reports;
 Level of cooperation and interaction with other assurance providers within the combined assurance approach;
 Maintenance of adequate staffing/sourcing levels to achieve the objectives of the internal audit function; and
 Meeting the budget allocated to internal audit.
11.3 RELATIONSHIP WITH EXTERNAL AUDIT
The aim should be to achieve mutual recognition and respect, leading to joint improvement in performance and the avoidance of unnecessary duplication of effort. Consultations should be held and consideration given to whether any work of
either auditor is adequate for the purpose of reliance.
Since the Internal Audit Unit evaluates the Council’s internal control system, the external auditor needs to be satisfied that
the Internal Audit Function is planned and executed effectively and efficiently in terms of the standards of the Institute of
Internal Auditors.
The internal audit unit should attend the Audit Steering Committee meetings at which joint audit planning, priorities, scope
and audit findings are discussed and information exchanged.
The internal audit unit must make an assessment of the adequacy of the combined approach adopted by the municipality.
This assessment includes the adequacy of the risks covered by the different assurance providers and the reliability of the
assurance provided.
7
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER
11.4 RELATIONSHIP WITH OTHER ASSURANCE PROVIDERS
Internal audit co-ordinates its work with that of the other assurance providers. The external auditors must be consulted in
determining the activities of internal and external audit in order to minimize duplication of audit effort. This may involve:
periodic meetings to discuss the planned activities;
 the exchange of audit work papers including systems documentation;
 the exchange of management letters;
 the forming of joint teams where appropriate;
 internal audit carrying out certain (financial) audit work;
 evaluating the quality of the services rendered to the company by the external auditors; and
 other aspects of the relationship between the organisation and the external auditors.
Internal audit must make an assessment of the adequacy of the combined assurance approach adopted by the Municipality.
This assessment includes the adequacy of risks covered by the different assurance providers and the reliability of the
assurance provided
INTERNAL AUDIT PLAN
At least annually, the Chief Audit Executive will submit to senior management and the Audit Committee an internal
audit plan for review and approval. The internal audit plan will consist of a work schedule as well as budget and
resource requirements for the next fiscal/calendar year. The Chief Audit Executive will communicate the impact of
resource limitations and significant interim changes to senior management and the Audit Committee.
The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management and the Audit Committee. The Chief Audit Executive will review and adjust the plan, as necessary,
in response to changes in the organization’s business, risks, operations, programs, systems, and controls. Any significant deviation
from the approved internal audit plan will be communicated to senior management and the Board through periodic activity
reports.
12.1 PLANNING CONTROLLING & RECORDING
Internal audit work should be planned, controlled and recorded in terms of its methodology in order to determine priorities, establish and achieve objectives, and ensure the effective and efficient use of audit resources.
12.1.1 PLANNING
Internal Audit Unit should prepare in consultation with, and for approval by the audit committee:
 a rolling three-year strategic internal audit plan based on its assessment of key areas of risk for the department, having regard
to its current operations, those proposed in its strategic plan and its risk management strategy;
 an annual internal audit plan for the first year of the rolling three-year strategic internal audit plan;
 Plans indicating the proposed scope of each audit in the annual internal audit plan;
 A modus operandi, with management inputs, to guide the audit relationship; and
 A quarterly report to the audit committee detailing its performance against the plan, to allow effective monitoring and possible
intervention.
The Internal Audit plan should define the purpose and duration of each audit assignment and allocate staff and other resources
accordingly.
The Internal Audit plan must be considered and approved by the Audit Committee. All internal audit plans should be sufficiently
flexible to respond to changing risk and priorities.
8
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER
12.1.2 CONTROLLING
Control of the individual assignments is needed to ensure that internal audit objectives are achieved and work is
performed efficiently and effectively. The most important elements of control are the direction and supervision of the
internal audit staff and review of their work. This is assisted by an established internal audit methodology and standard
documentation. The Chief Audit Executive shall ensure that the necessary degree of control and supervision is exercised,
which will depend on the complexity of the assignment and the experience of the auditor.
12.1.3 RECORDING
Internal audit work should be recorded at all times. The Chief Audit Executive should specify the required standard
internal audit documentation and working papers and should ensure those standards are maintained. Internal audit
working papers should be sufficiently completed and detailed to enable an experienced internal auditor with no
previous connection with the assignment to subsequently ascertain from them what work was performed to support the
conclusions reached.
Working papers must be prepared as the audit assignment proceeds so that the critical details are not omitted and
problems not overlooked. These should then be reviewed by internal audit management. Internal Audit Unit should
obtain sufficient, relevant and reliable evidence on which to base reasonable findings, conclusions and recommendations.
REPORTING AND FOLLOW-UP
The primary purpose of internal audit reports is to provide management with an overall opinion on the adequacy of
design of the system of internal control as well as whether they are operating effectively.
Reporting arrangements, including the distribution of internal audit reports, should be agreed with management
Internal Audit will carry out the work as agreed, report the outcome and findings immediately to management, and will
actively seek comments and proposed remedial action plan/s.
A written report of the audit findings and recommendations will be prepared and issued by Internal Audit to
management at the conclusion of each audit and distributed appropriate. The details, unless otherwise requested by
management, will be distributed to relevant line management, who will already have been made fully aware of the
detail and whose co-operation in preparing the report will have been sought.
Internal Audit will also submit a quarterly report to the Audit Committee on the:
 Status of the Internal Audit Activities;
 Significant findings and management action plans;
 Follow-up on previously reported internal audit findings;
 Any instances of fraud or non-compliance with legislation identified during the performance of the Internal Audit
Activities;
Performance of Internal Audit against the annual Internal Audit plan to allow effective monitoring and possible
intervention.
Internal Audit shall have the right to report any critical or significant issue direct to the Municipal Manager or the
Chairperson of the Audit Committee before consulting with management.
The strategic and operational plan should include follow-up audits in order to assess the extent to which previous internal
audit recommendations and management action plans have been implemented. Repeat audit findings must be reported
to audit committee.
9
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER
STAFF AND TRAINING
The Internal Audit Unit should be appropriately staffed in terms of numbers, grades, qualifications and experience, having
regard to its responsibilities and objectives.
The effectiveness of the Internal Audit Unit depends substantially on the quality, training and experience of its staff. Staff
should be appointed with the appropriate background, personal qualities and potential. Steps should be taken to provide
the necessary experience, training and continuing professional development and education.
Any staff transferred into the internal audit function from other departments should not review any aspects of their previous
department’s work until a reasonable interval of time has passed (say 12 months).
The Chief Audit Executive has a responsibility to ensure that the internal audit staff receives the necessary training for the
performance of the full range of duties, considering the following:
 internal audit objectives and priorities;
 the type of internal audit work; and
 previous training, experience and qualifications.
The internal auditor should keep abreast of current developments, improvements, new techniques and practices in auditing
field. The internal auditor should maintain technical competence through professional development which includes:
 private reading and study;
 participation in professional activities such as attending meetings, courses and conferences; and
 membership of the Institute of Internal Auditors.
The Chief Audit Executive should co‑ordinate, and keep under review, the training requirements of internal auditors. He/she
will be responsible for preparing training profiles which identify the training requirements for different grades of internal
auditors, and should maintain personal training records for each individual.
APPOINTMENT & REMOVAL OF THE CHIEF AUDIT EXECUTIVE
The role of the chief audit executive is to provide advice, counsel, and opinion regarding the organisation’s efficiency and
effectiveness in risk management, internal control and governance processes and performance management.
The chief audit executive should be permanently appointed at a senior manager level, reporting directly to the Accounting
Officer.
Independence is enhanced when the audit committee concurs in the appointment or removal of the chief audit executive.
The chief audit executive needs to direct supervise and manage the activities of internal audit activity. These include amongst
others planning, resource management, implementation of operating policies and procedures, review of work, coordination of
assurance activities and quality assurance.
ASSESSMENT OF EFFECTIVENESS OF INTERNAL AUDIT FUNCTION
The audit committee should annually assess the effectiveness of the internal audit function. Internal audit should be assessed
against the following criteria:
 Achievement of the annual internal audit plan;
 Compliance with IIA’s professional standards inclusive of quality assurance assessments on the level of compliance achieved;
 Achievement of reporting protocols through management to the audit committee;
 Timeliness of reporting of findings and activities;
 Responsiveness to changing business/operational environment;
 Management’s acceptance of the internal audit findings;
 Quality and relevance of the annual assessment reports;
 Level of cooperation and interaction with other assurance providers within the agreed combined assurance approach;
 Maintenance of adequate staffing/sourcing levels to achieve the required to meet the requirements of this charter; and
 Meeting the budget allocated to internal audit
10
2013/2014
GREAT KEI MUNICIPALITY
INTERNAL AUDIT CHARTER
MAINTENANCE OF CHARTER
The charter must be reviewed annually and accepted by the Municipal Manager and approved by the audit committee
CONCLUSION
To achieve full effectiveness, the scope of the Internal Audit Unit should provide an unrestricted range of coverage of the
Council’s operations, and the Internal Audit Unit should have sufficient authority to be allowed access to such records,
assets and personnel as are necessary for proper fulfillment of its responsibilities.
The Internal Audit Unit, as a service to the Council, should contribute to internal control by examining, evaluating and
reporting to management on its adequacy and effectiveness of systems.
The internal audit activity should contribute to the strengthening of the internal control environment as a result of
management’s response and remediation plans.
It is management’s responsibility to maintain the internal control system and to ensure that the Council’s resources are
properly employed in the manner and to the activities intended. This includes responsibility for the prevention and
detection of fraud and other illegal acts.
The Internal Audit Unit has regard to the possibility of fraud or theft and should seek to identify serious defects in internal
control which might permit the occurrence of such an event. When the Internal Audit Unit discovers evidence of, or suspect’s
fraud or theft, they should report firm evidence, or reasonable suspicions, to the appropriate level of management.
APPROVAL
APPROVED BY THE AUDIT COMMITTEE
RECOMMENDED BY ACCOUNTING OFFICER :
APPROVED BY THE AUDIT COMMITTEE
11
DATE
25 AUG 2014
DATE
11 SEPT 2014